Industry-Specific Cybersecurity Threats in IT

The IT industry has become one of the top targets for cyberattacks, with 17% of all threats in 2025 aimed at IT companies. Attackers are exploiting IT firms to infiltrate supply chains, leveraging stolen credentials, and using legitimate administrative tools to bypass traditional defenses.

Main Threats:

1. AI-Powered Attacks:
   • Cybercriminals use AI for advanced phishing, impersonation, and exploiting vulnerabilities in AI tools.
   • Example: A deepfake scam in 2025 cost a company $25 million.
2. Ransomware and RaaS:
   • Ransomware incidents surged 73% from 2022 to 2023, with average losses of $5.3 million per incident.
   • Attackers misuse Remote Monitoring and Management (RMM) tools in 79% of ransomware cases.
3. Supply Chain Vulnerabilities:
   • Targeting third-party vendors and software updates to compromise larger organizations.
   • Example: A breach in 2025 exposed millions of records via weak third-party integrations.

Key Stats:

• 136% increase in cloud intrusions in the first half of 2025.
• 60% of organizations faced AI-driven attacks in the past year.
• 52% of cyberattacks are motivated by ransomware and extortion.

To counter these threats, IT companies need to focus on detection and recovery strategies, implement phishing-resistant authentication, and secure their supply chains. Continuous monitoring and collaboration between IT and security teams are critical to staying ahead of attackers.

1. AI-Powered Attacks

Attack Vectors

As cyber threats evolve, AI-powered attack vectors are transforming IT security. Cybercriminals are leveraging AI to outsmart traditional defenses. One major vulnerability is prompt injection, where malicious text manipulates Large Language Models (LLMs) into executing unauthorized actions. A variation, indirect prompt injection, uses seemingly harmless data - like emails - to initiate data theft or rogue code execution ^[4].

Another tactic, LLMjacking, involves stealing API credentials to exploit LLM services, potentially racking up costs exceeding $100,000 per day ^[4]. Attackers also compromise the AI supply chain by embedding malware into open-source models or tampering with Python packages ^[4].

Generative AI has made phishing and impersonation attacks more convincing than ever. For instance, in early 2025, a multinational engineering firm suffered a $25 million loss after employees fell for an AI-generated deepfake video that mimicked the CFO during a live call ^[3]. The telecommunications industry has also been hit hard: in 2024, a provider was fined $1 million after attackers used AI voice cloning to impersonate election-related robocalls ^[3].

Prevalence Rates

The data tells a sobering story. Globally, 60% of organizations report encountering AI-powered attacks within the past year ^[3]. Meanwhile, 66% of IT and business decision-makers rank AI-generated threats as their top data security concern heading into 2026 ^[5]. Voice phishing alone surged by a staggering 442% in the latter half of 2024 ^[1].

Despite these threats, many organizations remain unprepared. While 84% of companies use AI tools in the cloud, 62% have at least one vulnerable AI package in use ^[4]. Even worse, 49% of employees rely on unsanctioned AI tools, creating "Shadow AI" risks that evade corporate security monitoring ^[4]. Alarmingly, only 7% of organizations have implemented AI-enabled defenses to counteract these risks ^[3]. These gaps highlight the widespread challenges IT teams face.

Sector-Specific Impacts

AI-powered attacks affect different IT subsectors in unique ways. Cloud services and IT infrastructure companies are particularly at risk, with 33% reporting cloud data breaches tied to AI workloads ^[4]. Healthcare providers are battling AI-driven ransomware that cripples electronic records and scheduling systems, leading to operational shutdowns and even delayed surgeries ^[3].

The automotive and smart mobility sector has seen a sharp rise in large-scale incidents, jumping from 5% in 2023 to 19% in 2024 ^[6]. These attacks often target telematics servers, EV charging stations, and API-driven applications. In June 2024, CDK Global - a software provider serving 15,000 automotive dealerships - suffered a ransomware attack that halted operations for nearly three weeks, resulting in estimated losses of $1.02 billion ^[6].

"Threat actors have already shifted toward large-scale, sophisticated and AI-powered attack methods, targeting not only vehicles but also interconnected systems such as EV charging infrastructure, API-driven apps and smart mobility IoT devices."

• Yoav Levy, CEO and co-founder, Upstream ^[6]

In another alarming development, researchers in 2025 discovered a critical remote code execution vulnerability in Langflow, an open-source AI agent framework. This flaw was actively exploited to gain unauthorized access to systems ^[4]. As AI tools become more integrated into development processes, the threat landscape continues to evolve rapidly.

sbb-itb-8feac72

Cybersecurity Trends in 2026: Shadow AI, Quantum & Deepfakes

2. Ransomware and RaaS

With the growing threat of AI-powered attacks, ransomware and Ransomware-as-a-Service (RaaS) have emerged as equally daunting challenges in the IT world.

Attack Vectors

Ransomware campaigns often exploit well-known vulnerabilities. Phishing and social engineering, now supercharged with AI to be three times more effective than older methods, are responsible for 28% of initial breaches. Meanwhile, unpatched web assets and exposed remote services like RDP and VPN gateways account for 18% and 12% of entry points, respectively ^[8]. These evolving tactics make defending against ransomware as complex as tackling other AI-driven threats.

One standout feature of ransomware attacks targeting IT systems is the misuse of Remote Monitoring and Management (RMM) tools. In 2025, Microsoft reported that 79% of ransomware cases involved at least one RMM tool, which attackers repurposed for extortion ^[8]. Adding to the problem, RaaS platforms have turned cybercrime into a business, enabling even low-skilled hackers to launch advanced attacks using plug-and-play kits ^[9]. This trend is bolstered by Initial Access Brokers (IABs), who sell ready-made access to thousands of organizations ^[8].

"The rise of ransomware as a service, or RaaS, gives even low-skilled cybercriminals the tools they need to carry out sophisticated campaigns."

• Chris Novak, VP, Verizon Global Cybersecurity Solutions ^[9]

A solid understanding of these attack vectors is crucial to grasping their broader impact on IT organizations.

Prevalence Rates

In Q3 2025, ransomware incidents affected 742 industrial entities globally, with manufacturing bearing the brunt - 72% of attacks targeted this sector ^[7]. Overall, ransomware incidents surged 73% in 2023 compared to 2022, fueled by double and triple extortion strategies ^[9]. By the end of 2023, 10% of global organizations had been targeted. Financial losses are staggering, with the average cost of a ransomware incident reaching $5.3 million ^[10]. In the first half of 2024, claim severity jumped 68%, with average losses hitting $353,000 ^[9]. Data theft occurred in 37% of attacks, while 33% involved extortion ^[8]. Alarmingly, over half of all cyberattacks with known motives - 52% - are driven by ransomware and extortion ^[11].

Sector-Specific Impacts

Beyond the numbers, real-world examples highlight the disruption ransomware can cause to IT-dependent operations. In September 2025, Jaguar Land Rover (JLR) was hit by the Scattered Lapsus$ Hunters group, which targeted its SAP ERP system. The attack forced a five-week shutdown of global IT systems, halting manufacturing at UK plants and disrupting dealerships ^[7].

Collins Aerospace, part of RTX, faced a cyber intrusion that paralyzed airport check-in and boarding systems, forcing airports to switch to manual processes. This resulted in hours-long delays and widespread flight cancellations ^[7]. Similarly, Asahi Group Holdings in Japan suffered a Qilin ransomware attack in September 2025, causing system failures at multiple factories and weeks of disruption to ordering and shipping ^[7].

The blending of IT and operational technology (OT) often magnifies the damage. Attackers can halt operations by exploiting insecure links between enterprise systems and production environments, even without directly targeting industrial control systems. For instance, in August 2025, Data I/O Corporation reported a ransomware attack that disrupted communications, shipping, receiving, and manufacturing across its global operations ^[7].

"Cyberattacks are no longer isolated IT issues; they shape economies, geopolitics, and public trust."

• Microsoft Digital Defense Report 2025 ^[8]

3. Supply Chain and Third-Party Vulnerabilities

As cyber threats continue to evolve, supply chain vulnerabilities have emerged as a critical concern, adding to the challenges posed by AI-driven attacks and ransomware. These types of breaches are particularly dangerous because they exploit the "weakest link" in the chain - often targeting less-secure suppliers or third-party vendors to circumvent the strong defenses of larger organizations ^[14].

Attack Vectors

Cybercriminals take advantage of various entry points to infiltrate supply chains. A major target is third-party integrations. For instance, in August 2025, the Scattered Lapsus$ Hunters group breached Google Workspace data through vulnerabilities in third-party Salesforce contractor integrations, specifically Salesloft and Gainsight. This breach affected prominent organizations like Cloudflare, DocuSign, and Workday. A related attack on TransUnion exposed the Social Security numbers of 4.4 million individuals ^[12].

Another effective tactic is SMS phishing, or "smishing", aimed at supplier employees. In November 2025, Mixpanel fell victim to such an attack, leading to a breach that compromised OpenAI’s API and ChatGPT user data. In a separate incident, the ShinyHunters group accessed 94 gigabytes of data containing 200 million user records from Pornhub ^[12].

Attackers also exploit software update processes, injecting malicious code into legitimate updates to spread malware across organizations ^[13]. Management platforms are another frequent target. In October 2025, the Clop ransomware group exploited a zero-day vulnerability in Oracle’s E-Business platform, stealing sensitive executive data from hospitals, The Washington Post, and the University of Pennsylvania for extortion purposes ^[12].

These diverse attack methods highlight the extensive risks supply chains face, as reflected in rising vulnerability statistics.

Prevalence Rates

The scale of the problem is staggering. North American electric and gas utilities, for example, work with an average of 3,647 active suppliers, creating a vast attack surface ^[13]. The automotive industry has also seen a sharp rise in supply chain-related incidents. Large-scale cybersecurity breaches in this sector jumped from 5% in 2023 to 19% in 2024, with 92% of these attacks executed remotely and 85% occurring as long-range attacks ^[6].

Critical infrastructure is under constant threat, with cyber intrusions against these systems happening hundreds of thousands of times daily. In fact, over 30% of the cyber bulletins issued by the US Electricity Information Sharing and Analysis Center in 2017 involved phishing as the primary method of attack ^[13].

"Organizations can no longer protect themselves by simply securing their own infrastructures since their electronic perimeter is no longer meaningful; threat actors intentionally target the suppliers of more cyber-mature organizations to take advantage of the weakest link." - NIST IR 8276 ^[14]

These alarming statistics provide a foundation for understanding how supply chain vulnerabilities affect specific industries.

Sector-Specific Impacts

Supply chain breaches can cripple industries. In June 2024, CDK Global, a software provider serving 15,000 automotive dealerships, suffered a ransomware attack that shut down operations for nearly three weeks. The resulting losses were estimated at $1.02 billion, disrupting vehicle sales and services nationwide ^[6].

The automotive sector remains a prime target. Late in 2024, researchers uncovered a vulnerability in Kia’s web portal that allowed hackers to remotely unlock cars, start engines, and track the locations of millions of vehicles ^[6]. Around the same time, a flaw in Volkswagen’s systems exposed personal data - including email addresses, phone numbers, and home addresses - for approximately 800,000 electric vehicle owners ^[6].

The energy sector faces even more severe risks due to the blending of IT systems with operational technology. When attackers exploit supply chain vulnerabilities in Industrial Control Systems (ICS), the consequences can go beyond data breaches to include physical disruptions like regional power outages, safety hazards, and even explosions ^[13]. The mobility ecosystem also saw a surge in telematics and application server attacks, rising from 43% of incidents in 2023 to 66% in 2024. This underscores how interconnected systems can amplify vulnerabilities ^[6].

"The cybersecurity landscape across the Automotive and Smart Mobility ecosystem is poised to become more complex than ever... Threat actors have already shifted toward large-scale, sophisticated and AI-powered attack methods." - Yoav Levy, CEO and co-founder of Upstream ^[6]

Advantages and Disadvantages

This section dives into the trade-offs associated with various cybersecurity threats, highlighting how these risks impact IT operations. By comparing these challenges, organizations can better understand where to focus their resources.

AI-powered attacks are pushing organizations to upgrade their defenses. The good news? AI can drastically cut response times - from hours to mere seconds - using autonomous systems that suspend accounts and initiate resets automatically ^[8]. For instance, Microsoft leveraged AI to prevent $4 billion in fraud attempts and blocked 1.6 million bot-driven account sign-ups every hour ^[8]. However, the downside is stark: defenders must secure every potential entry point, while attackers only need to exploit one. AI-driven phishing campaigns are now three times more effective than traditional methods ^[8], and a staggering 80.83% of ransomware incidents between 2023 and 2024 involved AI ^[15].

"Can we crack the asymmetric warfare nature of cybersecurity? Attackers benefit from single points of failure, while defenders must protect all."

• Michael Siegel, Director of Cybersecurity at MIT Sloan ^[15]

This complexity also carries over to ransomware threats.

Ransomware and RaaS (Ransomware-as-a-Service) bring both financial and operational challenges. Effective mitigation strategies - like air-gapped backups and detailed continuity plans - can lower insurance premiums and help organizations avoid the average $353,000 loss per ransomware claim ^[9]. But these measures require significant resources. Defending against increasingly sophisticated attacks, which now include DDoS and physical threats, adds to the strain. In 2023, ransomware incidents surged 73% compared to 2022, with claim severity spiking by 68% in the first half of 2024 ^[9]. Additionally, ready-made ransomware kits allow even unskilled attackers to launch complex operations, further complicating the landscape. Supply chain vulnerabilities amplify these risks even more.

Supply chain security plays a critical role in disrupting the industrialized cybercrime economy, which thrives on turnkey intrusions. Strengthening supply chain defenses helps protect entire ecosystems ^[8]. The challenge? Visibility. North American electric and gas utilities, for example, juggle an average of 3,647 active suppliers ^[13], making audits a daunting task. A single weak link can trigger a domino effect across thousands of organizations. Alarmingly, 79% of ransomware cases investigated by Microsoft Incident Response involved the exploitation of remote monitoring and management tools ^[8]. To address these risks, IT teams must break down internal silos and integrate security practices across procurement, vendor management, and operations. This level of coordination, however, is a hurdle for many organizations.

The underlying challenge is clear: proactive defense requires significant upfront investment in automation, skilled talent, and governance frameworks. Organizations must weigh the urgency of addressing rapidly evolving AI-driven threats - identified as a top concern by 80% of CISOs ^[2] - against the resource strain caused by fragmented global regulations. Balancing these priorities is no small feat.

Conclusion

A strong, targeted approach to cybersecurity is essential in addressing the varied threats that different industries face. For example, the February 2024 ransomware attack on Change Healthcare compromised vast amounts of protected health information and forced UnitedHealth into an $8.5 billion emergency response - an event that highlighted a devastating business continuity failure ^[19].

Focusing on real risks rather than generic checklists makes all the difference. Tools like phishing-resistant multifactor authentication can block over 99% of identity-based attacks, while the CISA Vulnerabilities Catalog has been shown to speed up remediation by 3.5 times ^[17][18]. For organizations managing intricate supply chains, investing in continuous monitoring through tools like Extended Detection and Response (XDR) or Managed Detection and Response (MDR) can stop threats before they spiral into full-blown crises.

Operational resilience needs to be a cornerstone of governance to combat these evolving, industry-specific threats. Measures like network segmentation, offline backups, and thorough contractor evaluations are crucial. The industrial cybersecurity market's projected growth to $135.11 billion by 2029 ^[16] underscores the increasing reliance on robust security to maintain operational integrity.

These carefully tailored defenses lay the groundwork for stronger, industry-specific security strategies. Technical leaders must grasp the nuances of these threats to navigate today’s complex cybersecurity landscape. Platforms like Tech Leaders (https://technical-leaders.com) provide training that combines technical skills with strategic decision-making, equipping professionals to tackle challenges at the intersection of cybersecurity, AI, and business operations.

As the saying goes, attackers need only one vulnerability, while defenders must secure them all. Adopting layered strategies like CMMC standards, multi-party authorizations, and shared threat intelligence can make all the difference in building an effective, resilient defense system.

FAQs

How can IT companies defend against AI-powered cyberattacks?

AI-powered cyberattacks are on the rise, with threats like automated phishing, deepfake-based credential theft, and AI-enhanced ransomware becoming major challenges for IT companies. To combat these risks, businesses need to embrace AI-driven security tools. These tools can identify unusual activity, automate actions like resetting compromised credentials, and continuously scan for vulnerabilities. Additionally, adopting a zero-trust architecture and securing AI models can add extra layers of protection.

But relying on technology alone won’t cut it. Companies must prioritize educating their teams to spot AI-generated threats, establish clear incident response strategies, and invest in cutting-edge security solutions. Strong leadership is equally critical - leaders who understand both the technical and strategic dimensions of AI security can make a significant difference. Programs like Tech Leaders are designed to bridge this gap, equipping IT companies with the knowledge and tools they need to stay ahead of these fast-evolving threats.

What are the key security risks in IT supply chains?

IT supply chains come with several vulnerabilities that can put organizations at risk. Among the most concerning are malicious code embedded in products, counterfeit or subpar components, and security flaws stemming from poor manufacturing or development practices. These issues can create hidden backdoors, allow unauthorized access, or introduce weaknesses that linger throughout a product's lifecycle.

Another serious concern is software supply chain attacks. In these cases, attackers target a vendor's systems or inject malicious code into updates or libraries before they reach end users. Because this altered code is often trusted and widely used, the impact can be far-reaching. A well-known example of this is the SolarWinds breach, which highlighted just how damaging these attacks can be.

On top of that, limited visibility and weak governance in supply chains make matters worse. Problems like inadequate tracking of third-party components, poor supplier vetting, and a lack of monitoring for changes in the supply chain can leave organizations exposed. Without proper oversight, detecting counterfeit parts, insecure code, or unauthorized changes becomes incredibly challenging, opening the door to potential vulnerabilities.

What makes Ransomware-as-a-Service (RaaS) a growing cybersecurity threat?

Ransomware-as-a-Service (RaaS) has lowered the barrier for launching ransomware attacks by offering pre-made ransomware tools and ready-to-use infrastructure to attackers - for a fee. This "service model" has opened the door for individuals with limited technical skills to execute highly advanced attacks, dramatically increasing the number and frequency of cyberattacks.

What makes RaaS even more dangerous is its adaptability. Attackers can quickly recover from setbacks by switching to new operations, ensuring that ransomware remains a constant and evolving threat. Its simplicity and ability to scale have turned ransomware into a serious risk for businesses, regardless of their size or industry.